
WO2015036642A1 - Mobile payment system and method based on a single use token - Google Patents


Publication number
WO2015036642A1
WO2015036642A1 PCT/ES2014/070695 ES2014070695W WO2015036642A1 WO 2015036642 A1 WO2015036642 A1 WO 2015036642A1 ES 2014070695 W ES2014070695 W ES 2014070695W WO 2015036642 A1 WO2015036642 A1 WO 2015036642A1
Authority
WO
WIPO (PCT)
Prior art keywords
token
user
payment
mobile device
identification data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/ES2014/070695
Other languages
Spanish (es)
French (fr)
Inventor
Juan Cristobal PEREDA GRANADOS
Elena VELASCO RODRIGUEZ
Carmen URBANO PRADA
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
POMO POSIBILIDADES SA
Original Assignee
POMO POSIBILIDADES SA
Application filed by POMO POSIBILIDADES SA
Priority to MX2016003314A
Publication of WO2015036642A1

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3274 Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device

Definitions

  • the invention is part of the Information Technology and Communications (ICT) sector with a specialization in technologies focused on improving security, functionality and communications in the field of mobile devices.
  • ICT Information Technology and Communications
  • the first is more acceptable to users, since it does not intrude on the user's personal sphere as much as biometric recognition can, and it is much more accessible.
  • for biometrics-based systems, the use of reliable biometric technologies complicates the current hardware of the devices since, depending on the chosen biometric technology, current hardware cannot even support it with sufficient reliability.
  • token devices, consisting of a small piece of hardware given to a specific authorized user of a computerized service to facilitate the authentication process.
  • the patent document MX2009011633 likewise does not cover the use of the token for payment, and uses its own type of coding composed of 16 digits.
  • RFID radiofrequency identification
  • in that system, the payer sends a message from their mobile to a beneficiary with the information on the product they want to pay for (type and quantity of product).
  • the system analyzes that message and takes the payer's data (account, etc.), subsequently translating the data to know who should pay.
  • the system sends them a password to confirm that payment.
  • the payer starts the process, while in the proposed system the beneficiary is the one who starts the purchase process and asks the payer for confirmation through the token.
  • the invention relates to a system and method of payment by means of a mobile device, through the generation of OTP codes that combines the creation of a certified identification platform and the development of an application that is installed on the mobile phone or on the computer of the user, which guarantees that the person who performs an operation is really the authorized and authentic person.
  • the system generates a unique security code per transaction that acts as the person's identifier and is validated against a server.
  • the base of the platform has, therefore, two basic components; one developed and hosted on the central server and another that must be downloaded to users' devices, whatever their operating system.
  • the mobile payment system includes:
  • a mobile device with a token generation application configured to generate a single-use token valid for a certain period of time, the token being generated from at least one item of temporal data that determines the expiration of the token, a user password and a secret number stored on the mobile device;
  • a merchant's sales terminal responsible for receiving the token generated by the mobile device, user identification data and the amount of the purchase made by the user, and forwarding this information, together with merchant identification data, to a server;
  • the system can also comprise a loyalty program server, responsible for managing user points accounts and managing the payment of the purchase through discount points or coupons.
  • the secret number stored in the mobile device is a number generated at the time of installing the token generation application on the mobile device.
  • the mobile device is preferably a mobile phone, in which case the user identification data includes the mobile phone number.
  • the merchant identification data preferably comprises a merchant identifier and a password.
  • the token generation application can be configured to generate the token based also on the purchase amount, thus associating the token with the purchase amount.
  • Another aspect of the present invention relates to a method of payment by mobile device, comprising:
  • Payment can also be made through points or through discount coupons obtained in a loyalty program.
  • This secure and certified system allows the user to guarantee their identification with an operation similar to that of a token device, being an installable solution in the mobile device or PC and not in an additional hardware element.
  • the end user accesses the application installed on the device using a PIN.
  • once the application has been started, it generates a unique password each time one is requested, and the password must be entered in the corresponding system / process to authorize the operation.
  • the system has an application (access via web services) for the commercial establishment, with which all sales operations, transaction data queries and loyalty-related operations can be performed. Through this service a secure (encrypted) data connection is made and the user data (token and mobile phone) and the merchant data (merchant ID and password) are sent to the central server, in addition to the amount to be charged, in the case of a purchase.
  • This server acts as an intermediary between the establishment (web or physical store) and the payment gateway; the sensitive information related to users and establishments, the user identification data, the token or OTP code and the purchase amount reside on it.
  • the information is recorded in the transaction database, launching a set of loyalty operations associated with said operation. Some of these operations are activated by the merchant and others are enabled by the user.
  • the new advantages offered today by information and communication technologies in general, and mobile devices in particular, make it desirable to use such devices (phones and tablets) to access many services without carrying business cards (payment - debit or credit -, loyalty, identification, etc.) and to avoid the need to manage and remember many passwords, with the insecurity that their use entails.
  • the proposed system and method represent a significant improvement in terms of security, reliability, flexibility, usability, accessibility and agility in the processes that integrate the identification of users and in carrying out payment and loyalty transactions (administration and exchange of coupons), among others.
  • a generator of an identifier or token is used from a mobile device, through an algorithm that allows the unequivocal identification of the user, without needing communications coverage (3G, 3.5G, 4G, GPRS, etc.) in any case.
  • the token can be generated at any time, from anywhere.
  • An infrastructure is also used to manage this token transparently throughout the entire process, preserving at all times the absolute anonymity of the user who performs the transaction and maintaining compatibility with what already exists. In this way, the present invention introduces new improvements in the process, such as greater security in face-to-face and non-face-to-face payment operations, since there is no data that directly identifies the user.
  • Figure 1 shows a general diagram of the process.
  • Figure 2 shows a use case of a purchase process.
  • the invention relates to a system and method of payment and loyalty that combines the creation of a certified identification platform and the development of an application that is installed on the mobile phone or on the user's computer, which ensures that the person who performs an operation is really the authorized and authentic person.
  • the end user accesses the application installed on the device using a PIN. Once the application has been started, it generates a unique password each time it is requested, and the password must be entered in the corresponding system / process to authorize the operation.
  • the central system recognizes the pairing of telephone number and token, which allows it to verify the authenticity of the person and the amount of the purchase, and to activate the different loyalty components that are enabled for that operation, either by the merchant or by the user.
  • Figure 1 which shows a general diagram of the process
  • the owner of the establishment or commerce 1 online or in-person store
  • the web entering their personal data and bank details (e.g. credit card) with which it will operate, which are sent 102 to a merchant database 7.
  • This establishment will be given an ID with which it can later be identified in debit / credit operations.
  • Merchant 1 installs the system in their establishment, which can be a mobile application, a module for their online store, their usual POS, or a POS through a web browser that they access with a user account.
  • the system includes an application (access via web services) with which this registration process and all sales and transaction data query operations can be carried out. On first access, the merchant must enter their merchant code and password.
  • the user or consumer 2 also completes a registration process 104 on the system, entering their personal data once only. The user must provide a minimum set of data during the registration process on the platform (title, name, mobile phone number, details of the card or cards to be linked to the system, and other relevant data), which are sent 106 to a user database 6. Once this process is finished, the user receives an activation code linked to their registration (an alphanumeric ID that allows the user to be identified).
  • the user downloads a mobile application from the application store corresponding to the operating system installed on the mobile, and installs it on the device. The first time the user opens the application, they are asked for their mobile number and the activation code received. This code is required solely during the initial setup of the client application and ceases to be valid once used; its purpose is to verify that the registration operation is correct during the client / server synchronization process.
  • the mobile application asks the user to enter a PIN twice, to protect the application. This is the only time a data connection is required, in order to carry out this synchronization. This process does not need to be repeated at any other time.
  • the user executes his mobile application, enters the PIN and obtains an OTP code of a single use and valid for a short period of time, which will allow him to authorize a certain financial transaction of credit, debit, prepaid and / or redemption of discount coupons or similar.
  • OTP code the user can select the desired discount coupon, within the loyalty program, or the card with which to perform the operation.
  • in the case of a transaction in electronic commerce, the user enters this OTP code and their mobile number in the virtual POS of the online store.
  • the store manager enters the OTP and the mobile number manually in their sales system, or this entry can be automatic, with transmission via Bluetooth, QR or BIDI codes, NFC or any other similar system, in which case it is not necessary to provide the mobile number.
  • This step can be carried out in two ways: a) The user enters the purchase amount into the application before requesting the OTP code, which amounts to an electronic signature mode, since the OTP code is associated with the purchase amount. The merchant also enters it, and the amounts are then compared on the server. This increases security. b) The user obtains the OTP without first entering the purchase amount in the application, which allows the transaction to be carried out but without obtaining an electronic signature of the operation.
  • the user receives, only if requested, a message on the mobile confirming their purchase.
  • This purchase process does not require an Internet connection on the user's mobile.
  • the platform analyzes the user's purchasing pattern and, applying different artificial intelligence algorithms, learns the customer's needs, providing the merchant with proposals for future customer offers to encourage the customer to return to the shop.
  • the application closes automatically once the OTP has been generated or after it has been open for a configurable time, and then requests the user's PIN again.
  • the token generation application on the mobile device 4 has been developed using the Java programming language (J2ME), as well as the SDKs (software development kits) of the manufacturers of the main operating systems supported by the mobile devices. It is a proprietary tokenization algorithm based on the strong two-factor algorithm (http://motp.sourceforge.net/), which generates keys that are valid only for a certain time, can be adapted to each user and, once used, will not be valid again. Additionally, a security layer has been added to the application itself for access control. These developments have withstood robustness tests against different types of attacks, as defined by international security standards. The algorithm complies with the PKCS (Public-Key Cryptography Standards) standards published by RSA.
  • PKCS Public-Key Cryptography Standards
  • the system has an application (access via web services) for the commercial establishment, with which this registration process and all sales operations, query of transaction data and access to the functions of loyalty
  • the sales terminal 5 of the merchant makes a secure (encrypted) data connection and sends 108 to the central server 8 via https (following Internet connection standards) the user data (token and mobile phone) and the merchant data (trade identifier and token), in addition to the amount receivable, in the case of a purchase.
  • the token and mobile number are sufficient.
  • Authentication is based on two factors: something that the user knows (the PIN entered in the application) and something that the user owns (a secret number stored on the mobile device).
  • Server 8 knows both the user's PIN and the secret number stored in the mobile device, so it is able to verify the validity of the received OTP code. Therefore, the algorithm for generating the token is duplicated both within the mobile device and on server 8.
  • the server 8 acts as an intermediary between the establishment (web or physical store) and the payment means gateway 9; the information related to users (user database 6) and establishments (merchant database 7), the user identification data, the token or OTP code and the purchase amount reside on it.
  • the data connection 108 between the merchant 1 and the central server 8 is necessary.
  • the payment method gateway 9 which is the one that maintains the information related to credit cards, bank accounts and therefore that must comply with the PCI DSS 2.0 security regulations, required in these cases.
  • the dual identification of user and associated card or bank account is carried out in both cases, and the corresponding debit operation 112 with the issuing bank 10 and credit operation 114 with the acquiring bank 11 are carried out.
  • Payment can also be made through points earned through the loyalty system.
  • the payment medium gateway 9 checks with a loyalty program server 14 if the user has enough points.
  • Said server 14 has a database with the accumulated points of each user.
  • the payment means gateway 9 sends the amount to the loyalty program server 14, which subtracts the points from the user's point account and returns a correct operation code.
  • the system records the transaction in the system, generates a ticket, sends an email of the purchase made to the user and returns a correct operation message.
  • the loyalty program server 14 also manages coupons and discounts, and employs artificial intelligence methods to learn from consumer habits.
  • the software developments of the web services meet the requirements established by the establishment or trade 1, and those necessary for the interlocution with the payment method gateway 9.
  • the application of the sales terminal 5 receives all the information related to the purchase (establishment ID and password, purchase amount, as well as the user's mobile number and token). This means that sensitive user data such as name or payment card number never "travels", which makes the operation more secure in the event of MiM ("Man in the Middle") attacks, among others.
  • the payment method gateway 9 will authorize or not the operation depending on the availability of balance, or any other reason, and will issue the corresponding confirmation messages.
  • the transaction database 12 is associated with a transaction module where they are managed, establishing functionalities and protocols for the different cases that may occur in the different operations (erroneous transactions, returns, correct transactions, charges to shops, etc.).
  • the system has a module 13 responsible for generating billing. It should be taken into account that billing is linked to the loyalty system, so this module is able to manage key points such as VAT on the points received by different merchants, the return and management of points when a product is returned, etc. After confirmation of the operation 118, the corresponding points are recorded in the loyalty system. The system returns the conformity of the transaction to the merchant and sends the ticket to the user by email, SMS or another format.
  • the system invoices each merchant for a predetermined period of time based on the point exchange balance, and 120 is acquired from the acquiring bank 11 of the commercial establishment.
  • As for the loyalty module, it has been developed using new techniques based on artificial intelligence for optimizing search in large amounts of data and managing that data, improving the loyalty system and making the system capable of learning from the purchases that customers usually make, so that it can anticipate their needs.
  • the technique used is a combination of neural network algorithms, genetic algorithms and swarm intelligence techniques.
  • the loyalty system not only generates the points corresponding to the transaction but also, through different algorithms, learns from the habits and needs of the customers. It is a tool for measuring and analyzing the habits of the users of the gateway; the information it provides, complemented by the search features, gives the entrepreneur the customer intelligence that he needs and to which he does not currently have access.
  • the set is built in a web environment, with restricted access where the tokens themselves are used for secure access. All the developments have been made in web programming language to allow remote user access.
  • the data is integrated into an online panel where SMEs can access with their credentials and obtain their reports and personalized data, finding everything necessary for the proper management of the business, in terms of market and consumer intelligence.
  • Figure 2 shows an example of a purchase process according to the method of the present invention.
  • the purchase amount 200 is entered.
  • it is checked 204 whether the data is correct, in which case the issuing bank is charged 206. It is checked 208 whether the payment is correct. If not, the operation is canceled 210; if so, the payment is made 212 to the acquiring bank.
  • it is checked 214 whether the latter has been made correctly. Otherwise, the operation is canceled 216. If the payment has been made correctly, the points are awarded 218 to the user and the corresponding ticket is delivered 220, ending the purchase process.
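
An added example, not code from the patent or its applicant: a Python illustration of the token flow described in the list above, in which the device derives a time-limited token from the PIN, the stored secret number and optionally the purchase amount, and the server repeats the derivation and accepts each token once. HMAC-SHA256, the 30-second step, the drift window, the 8-digit length and every name used are assumptions of this example; the page says only that the real algorithm is proprietary and based on mOTP.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Assumed parameters: the page gives no step size, drift tolerance or length.
STEP_SECONDS = 30
WINDOW_STEPS = 1
TOKEN_DIGITS = 8


def derive_token(secret: bytes, pin: str, counter: int,
                 amount_cents: Optional[int]) -> str:
    """Token for one time step, from the inputs the page lists.

    counter is the temporal data, pin the user password, secret the number
    stored on the device; amount_cents is the optional purchase amount.
    HMAC-SHA256 is this example's construction, not the patent's algorithm.
    """
    amount_field = "-" if amount_cents is None else str(amount_cents)
    message = f"{counter}|{pin}|{amount_field}".encode()
    digest = hmac.new(secret, message, hashlib.sha256).digest()
    number = int.from_bytes(digest[:8], "big") % (10 ** TOKEN_DIGITS)
    return str(number).zfill(TOKEN_DIGITS)


def generate_token(secret: bytes, pin: str, now: float,
                   amount_cents: Optional[int] = None) -> str:
    """Device side: needs only the local clock, so it works offline."""
    return derive_token(secret, pin, int(now // STEP_SECONDS), amount_cents)


class TokenServer:
    """Server side: repeats the derivation, so it must hold secret and PIN."""

    def __init__(self, require_amount_binding: bool = False) -> None:
        self.require_amount_binding = require_amount_binding
        self._users: Dict[str, Tuple[bytes, str]] = {}
        self._used: Dict[Tuple[str, str], int] = {}  # accepted token -> step

    def enroll(self, phone: str, secret: bytes, pin: str) -> None:
        self._users[phone] = (secret, pin)

    def verify(self, phone: str, token: str, merchant_amount_cents: int,
               now: float) -> str:
        user = self._users.get(phone)
        if user is None:
            return "unknown-user"
        if len(token) != TOKEN_DIGITS or not (token.isascii() and token.isdigit()):
            return "rejected"
        secret, pin = user
        current = int(now // STEP_SECONDS)
        oldest = current - WINDOW_STEPS
        # Forget accepted tokens that can no longer match any valid step.
        self._used = {k: s for k, s in self._used.items() if s >= oldest}
        if (phone, token) in self._used:
            return "replayed"
        # Mode (a): token bound to the amount the merchant reports.
        # Mode (b): token without amount; authorises but signs nothing.
        modes = [("ok-signed", merchant_amount_cents)]
        if not self.require_amount_binding:
            modes.append(("ok-unsigned", None))
        for counter in range(oldest, current + WINDOW_STEPS + 1):
            for verdict, amount in modes:
                expected = derive_token(secret, pin, counter, amount)
                if hmac.compare_digest(expected, token):
                    self._used[(phone, token)] = counter
                    return verdict
        return "rejected"


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    secret, pin, phone = b"constructed-secret-number", "4821", "+34600000001"
    server = TokenServer()
    server.enroll(phone, secret, pin)
    t = 1_700_000_000
    signed = generate_token(secret, pin, t, amount_cents=1999)
    print(server.verify(phone, signed, 1999, t + 5))   # first presentation
    print(server.verify(phone, signed, 1999, t + 6))   # same token again
    later = t + 300
    # Merchant reports a different amount from the one the user bound.
    print(server.verify(phone, generate_token(secret, pin, later, 1999), 2999, later))
    # Token generated without an amount: accepted, but nothing is signed.
    print(server.verify(phone, generate_token(secret, pin, later), 2999, later))
```

Constructing the server with `require_amount_binding=True` makes it refuse mode (b) tokens, so the amount the merchant reports is always covered by the token.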

Abstract

The invention relates to a mobile payment system and method, said system comprising: a mobile device (4) having an application for generating tokens according to an item of temporal data that determines the expiration date of the token, a user password and a secret number stored in the mobile device; and a point-of-sale terminal (5) of a business (1), for receiving the token, user identification data and the amount of the purchase, and for sending (108) said information to a server (8). The server (8): accesses a user database (6) to validate the token and retrieve bank information to carry out the payment; accesses a business database (7) to retrieve bank information in order to credit the business (1); and sends the payment order to a payment gateway (9).

Description

SYSTEM AND METHOD FOR PAYMENT BY MOBILE DEVICE

DESCRIPTION

Field of the invention

The invention falls within the Information and Communications Technology (ICT) sector, specializing in technologies focused on improving security, functionality and communications in the field of mobile devices.

Background of the invention

Advances in information and communications technologies have increased the functionality of mobile devices, which can now be used as an authentication and payment tool. In this regard, various mobile payment systems have appeared whose technology and procedures clearly differ from the proposed invention in terms of independence from operators and financial institutions, flexibility and security.

There are systems based on the exchange of SMS messages between the customer's mobile phone and the merchant's terminal, which results in a longer delay in executing the operation. Other systems require specific hardware to be integrated into the mobile device, either through a card reader connected to the device's headphone input to turn it into a POS (point-of-sale terminal), or using NFC ("Near Field Communication"), a short-range, high-frequency wireless communication technology that allows data exchange between devices less than 10 cm apart. This system requires replacing all the POS terminals in shops and new models of mobile devices that integrate the corresponding chip.

On the other hand, several telecommunications service providers in other countries have opted for systems that allow payments to be charged to the account of the mobile phone used by the user, as well as to any type of card previously associated with that account, but always dependent on the telephone operator, and therefore usable only for micropayments. As for authentication systems, identification through two-factor systems (based on something the user possesses and something the user knows) is currently one of the most reliable mechanisms for protecting personal data in environments such as electronic commerce or banking operations, such as transfers or inquiries. The successive problems of identity theft on the web, theft of information captured on the Internet during transmission, phishing, as well as viruses, Trojans, etc., have pushed towards handling information in the most protected way possible, since security risks affect any type of Internet transaction, and even other kinds of problems arising from impersonation. For this reason, two main forms of user identification have currently emerged:

• On the one hand, software linked to OTP ("One Time Password") keys, in which the corresponding application generates keys valid only for a specific operation and with a time-limited validity.

• On the other hand, software linked to biometric identification and validation, that is, specialized in techniques for recognizing human beings based on one or more intrinsic behavioral or physical traits, such as fingerprints, retinas or hand geometry.

Of the two, the first is more acceptable to users, since it does not involve as much intrusion into the user's personal sphere as biometric recognition can, and it is considerably more accessible. In addition, as a drawback of biometrics-based systems, the use of reliable biometric technologies complicates the current hardware of devices since, depending on the biometric technology chosen, current hardware cannot even support it with sufficient reliability.

Until recently, token devices were used: a small piece of hardware issued to a given authorized user of a computerized service to facilitate the authentication process.

With the advance of new technologies, this type of device has been replaced by OTP code generation programs built on tokenization algorithms. These are widely used for different purposes, especially in access security, but they are not applied to a combined system of authentication, payment and loyalty through mobile devices, as is the case with this invention proposal.

Patent documents CO20090025571, US2012173431, US2008103984 and BRPI0701637 disclose systems for authentication and for carrying out transactions using single-use codes, but in them the token is generated and sent to the user via SMS and/or email, unlike the present invention proposal, in which the token is generated on the mobile device itself by an application installed on it.

Patent document GB2425621 also uses tokens to authorize payments in shops, but through dedicated hardware and with a process different from the one developed in the present invention. As for patent document AU2010300674, relating to the architecture for a mobile payment application, it does not use dynamic codes and proposes using the SIM card to store bank data.

Patent document MX2009011633 likewise does not use a token for its payment application; it uses a different coding of its own, composed of 16 digits. In addition, it proposes RFID (radio-frequency identification) technology as the means for emitting and subsequently reading the transaction information, which requires installing a tag on the mobile device as well as a reader at the merchant's premises.

In the case of patent document WO2012003842, a connection between several devices is necessary. The transaction is made with what is called "telephone credit", which is subsequently redeemed for cash, and a telephone connection between the user and the payment recipient is required.

In the case of patent document WO2011127354, the token is used to validate the transaction, but both the user and the merchant need an Internet connection since both have to be validated, unlike the proposed system, which does not require such a connection for the user.

As for patent document US2008154772, in that system the payer sends a message from their mobile phone to a beneficiary with the information about the product they wish to pay for (type and quantity of product). The system analyzes that message and takes the payer's data (account, etc.), subsequently translating the data to determine whom to pay. Optionally, if the payer has this enabled, the system sends them a password to confirm the payment. In that case it is the payer who starts the process, whereas in the proposed system the beneficiary is the one who starts the purchase process and asks the payer for confirmation through the token.

Description of the invention

The invention relates to a system and method of payment by means of a mobile device, through the generation of OTP codes, that combines the creation of a certified identification platform with the development of an application installed on the user's mobile phone or computer, making it possible to guarantee that the person carrying out an operation really is the authorized and authentic person. The system generates a unique security code per transaction that acts as the person's identifier and is validated against a server. The platform therefore has two basic components: one developed and hosted on the central server, and another that must be downloaded to users' devices, whatever their operating system.

The mobile-device payment system comprises:

- a mobile device with a token generation application configured to generate a single-use token valid for a given period of time, the token being generated as a function of at least a time value that determines the token's expiry, a user password and a secret number stored on the mobile device;

- a point-of-sale terminal of a merchant, responsible for receiving the token generated by the mobile device, user identification data and the amount of the purchase made by the user, and for forwarding that information, together with merchant identification data, to a server;

- the server, time-synchronized with the mobile device and responsible for:

• accessing a user database to:

  - obtain, from the user identification data, the user password and the secret number stored on the mobile device, and validate the received token from that information and the current time;

  - obtain bank information to charge the purchase amount to the user;

• accessing a merchant database to obtain, from the merchant identification data, bank information for crediting the purchase amount;

• sending to a payment gateway the payment order with the information needed to charge and credit the purchase amount.

The system may further comprise a loyalty program server, responsible for managing users' points accounts and for managing payment of the purchase with points or discount coupons.

The secret number stored on the mobile device is a number generated when the token generation application is installed on the mobile device.

The mobile device is preferably a mobile phone, in which case the user identification data include the mobile phone number.

The merchant identification data preferably comprise a merchant identifier and a password. The token generation application may be configured to generate the token as a function of the purchase amount as well, thereby binding the token to the purchase amount.
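The generation and validation scheme described above can be sketched as follows. This is an added illustration, not code from the patent: the application does not disclose its algorithm, so the PBKDF2/HMAC-SHA-256 construction, the 60-second step, the 8-digit length, the one-step drift tolerance and every name and sample value are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumed validity period of one token
DIGITS = 8         # assumed token length


def derive_key(password: str, device_secret: bytes) -> bytes:
    """Combine the user password and the per-install secret into one MAC key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), device_secret, 100_000)


def token_for_step(key: bytes, step: int, amount_cents=None) -> str:
    """Token for one time step, optionally bound to the purchase amount."""
    msg = struct.pack(">Q", step)
    if amount_cents is not None:
        msg += struct.pack(">Q", amount_cents)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # HOTP-style dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def generate_token(password, device_secret, now, amount_cents=None):
    """Device side: needs only the local clock, so it works without coverage."""
    return token_for_step(derive_key(password, device_secret),
                          int(now) // STEP_SECONDS, amount_cents)


class TokenServer:
    """Server side: looks up password and secret, then recomputes the token."""

    def __init__(self, users, skew_steps=1):
        self.users = users            # phone number -> (password, device_secret)
        self.skew_steps = skew_steps  # tolerated clock drift, in steps
        self._spent = set()           # (phone, step) pairs already accepted

    def validate(self, phone, token, amount_cents, now):
        record = self.users.get(phone)
        if record is None:
            return False
        key = derive_key(*record)
        current = int(now) // STEP_SECONDS
        oldest = current - self.skew_steps
        # Forget steps that can no longer validate, so the replay cache stays small.
        self._spent = {(p, s) for (p, s) in self._spent if s >= oldest}
        for step in range(oldest, current + self.skew_steps + 1):
            expected = token_for_step(key, step, amount_cents)
            if hmac.compare_digest(expected.encode(), str(token).encode()):
                if (phone, step) in self._spent:
                    return False      # single use: replay of an accepted token
                self._spent.add((phone, step))
                return True
        return False                  # wrong token, wrong amount, or expired


def demo():
    # Constructed sample data: phone number, password and secret are made up.
    phone, password, secret = "+34600000000", "correct horse", bytes(range(16))
    users = {phone: (password, secret)}
    server = TokenServer(users)
    t0 = 1_700_000_000
    token = generate_token(password, secret, t0, amount_cents=1250)
    return {
        "tampered_amount": server.validate(phone, token, 9999, t0 + 20),
        "accepted": server.validate(phone, token, 1250, t0 + 20),
        "replayed": server.validate(phone, token, 1250, t0 + 25),
        "expired": TokenServer(users).validate(phone, token, 1250, t0 + 300),
    }


if __name__ == "__main__":
    print(demo())
```

Marking a whole (phone, step) pair as spent limits a user to one accepted payment per time step, which is the simplest way to enforce single use in this sketch.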

Another aspect of the present invention relates to a method of payment by mobile device, comprising:

- generating, by means of a token generation application installed on a mobile device, a single-use token valid for a given period of time, as a function of at least a time value that determines the token's expiry, a user password and a secret number stored on the mobile device;

- sending to a server, which is time-synchronized with the mobile device, said token, user identification data, the amount of the purchase made by the user and identification data of the merchant where the purchase is made;

- the server accessing a user database to:

• obtain, from the user identification data, the user password and the secret number stored on the mobile device, and validate the received token from that information and the current time;

• obtain bank information to charge the purchase amount to the user;

- the server accessing a merchant database to obtain, from the merchant identification data, bank information for crediting the purchase amount;

- sending to a payment gateway the payment order with the information needed to charge and credit the purchase amount.

Payment can also be made with points or with discount coupons obtained in a loyalty program.

This secure and certified system allows the user to guarantee their identification in a way that works like a token device, while being a solution installable on the mobile device or PC rather than an additional hardware element.

The end user accesses the application installed on the device by means of a PIN. Once started, the application generates a unique key each time one is requested, and that key must be entered into the corresponding system/process to authorize the operation. The system has an application (accessed through web services) for the commercial establishment, with which all sales operations, transaction data queries and loyalty-related operations can be carried out. Through that service a secure (encrypted) data connection is made, and the user data (token and mobile phone), the merchant data (merchant ID and password) and, in the case of a purchase, the amount to be charged are sent to the central server. This server acts as an intermediary between the establishment (web or physical store) and the payment gateway; the sensitive information relating to users and establishments resides on it, along with the user identification data, token or OTP code and purchase amount. Once the transaction is confirmed by the issuing and acquiring banks, the information is recorded in the transaction database, triggering a set of loyalty operations associated with that transaction. Some of these operations are activated by the merchant and others are enabled by the user.

The new advantages offered today by information and communication technologies in general, and mobile devices in particular, make it desirable to use such devices (phones and tablets) to access a multitude of services without carrying transaction cards (payment, whether debit or credit, loyalty, identification, etc.) and to avoid the need to handle and remember a multitude of passwords, with the insecurity their use entails.

In addition, although it is a global reality that grows in importance every day, e-commerce faces a considerable brake on its growth: the user's lack of trust. In general, this trust is being built along two lines: the establishment of after-sales services and the adoption of mechanisms that improve payment security. The present invention proposal addresses this second market need, raising the security of payment in e-commerce within a changing technological environment in which new devices and new consumer behaviors are appearing.

This solution makes it possible to pay in shops without carrying credit cards; to pay securely in online shops and in telephone sales without entering credit card details; to make a single payment in multi-merchant online stores; and to benefit from a system of points, discounts and promotions for using the system, thanks to its loyalty model. Moreover, all of this is possible on any model of mobile device, independently of the telephone company, and using it requires neither telephone nor Internet coverage.

The proposed system and method represent a significant improvement in terms of security, reliability, flexibility, usability, accessibility and agility in the processes that make up user identification and in carrying out payment and loyalty transactions (administration and redemption of coupons), among others.

It is a system that includes an application installed on the mobile phone which, by generating an OTP called a token, turns the phone into a key for a wide variety of services, generating secure passwords that are valid only for a short period of time.

A generator of an identifier or token (OTP) is used on a mobile device, employing an algorithm that allows unequivocal identification of the user without requiring communications coverage (3G, 3.5G, 4G, GPRS, etc.) in any case. The token can be generated at any time, from anywhere. An infrastructure is also used to manage the token transparently throughout the whole process, preserving at all times the absolute anonymity of the user carrying out the transaction and maintaining compatibility with existing systems.

In this way, the present invention introduces new improvements in the process, such as greater security in face-to-face and remote payment operations, since there are no data that directly identify the user. It also improves the usability of the process by allowing payments to be made in environments where communications coverage may be a problem (environments without data coverage, such as airplanes). It further leads to greater agility in face-to-face payment processes when, for whatever reason, the payment terminal networks may be saturated (Christmas campaigns, etc.). And finally, indirectly, it means greater physical security for the user, who does not have to carry credit cards.

Brief description of the drawings

A series of drawings is described very briefly below. They help to better understand the invention and relate expressly to an embodiment of the invention presented as a non-limiting example of it.

Figure 1 shows a general diagram of the process.

Figure 2 shows a use case of a purchase process.

Detailed description of the invention

The invention relates to a payment and loyalty system and method that combines the creation of a certified identification platform with the development of an application installed on the user's mobile phone or computer, making it possible to guarantee that the person carrying out an operation really is the authorized and authentic person. The system generates a unique security code per transaction that acts as the person's identifier and is validated against a server. The platform therefore has two basic components: one developed and hosted on the central server, and another that must be downloaded to users' devices, whatever their operating system.

This secure and certified system allows the user to guarantee their identification in a way that works like a token device, while being a solution installable on the mobile device or PC rather than an additional hardware element. The end user accesses the application installed on the device by means of a PIN. Once started, the application generates a unique key each time one is requested, and that key must be entered into the corresponding system/process to authorize the operation. The central system recognizes the pairing of telephone number and token number, which makes it possible to verify the authenticity of the person and the amount of the purchase, and it activates the loyalty components enabled for that operation, either by the merchant or by the user.

Según la Figura 1 , que muestra un diagrama general del proceso, el propietario del establecimiento o comercio 1 (tienda on line o presencial) se da de alta 100 en la plataforma del sistema de pago vía web, introduciendo sus datos personales y los datos bancarios (e.g. tarjeta de crédito) con los que va a operar, los cuales son enviados 102 a una base de datos de comercios 7. A dicho establecimiento se le facilitará un ID con el que posteriormente pueda ser identificado en las operaciones de adeudo / abono. According to Figure 1, which shows a general diagram of the process, the owner of the establishment or commerce 1 (online or in-person store) is registered 100 on the platform of the payment system via the web, entering their personal data and bank details (eg credit card) with which it will operate, which are sent 102 to a merchant database 7. This establishment will be given an ID with which it can later be identified in debit / credit operations.

El comercio 1 instala el sistema en su establecimiento, que puede ser una aplicación para móvil, un módulo para su tienda online, su TPV habitual, o un TPV a través de un navegador web a la que accede con cuenta de usuario. El sistema incluye una aplicación (acceso por servicios web) con la cual puede realizarse ese proceso de alta y todas las operaciones de venta y consulta de datos de transacciones. La primera vez que accede debe introducir su código de comercio y su contraseña. Merchant 1 installs the system in your establishment, which can be a mobile application, a module for your online store, your usual POS, or a POS through a web browser that you access with a user account. The system includes an application (access via web services) with which this registration process can be carried out and all sales and transaction data query operations. The first time you access you must enter your trade code and your password.

Asimismo, el usuario o consumidor 2 también completa vía web un proceso de alta 104 en el sistema introduciendo los datos personales una primera y única vez. Es necesario que el usuario facilite una serie de datos mínimos durante el proceso de registro en la plataforma (tratamiento, nombre, ne de teléfono móvil, así como los datos de tarjeta o tarjetas que desee vincular al sistema y otros datos de relevancia), los cuales son enviados 106 a una base de datos de usuarios 6. Una vez finalizado dicho proceso, el usuario recibe un código de activación vinculado a su registro (ID alfanumérico que permitirá identificar al usuario). Likewise, the user or consumer 2 also completes a registration process 104 on the system by entering the personal data a first and only time. It is necessary that the user provides a minimum set of data during the registration process on the platform (title, name, n and mobile phone and data card or cards you want to link to the system and other relevant data) which are sent 106 to a user database 6. Once said process is finished, the user receives an activation code linked to his registration (alphanumeric ID that will allow the user to be identified).

Separately, the user downloads from the application store the mobile application for the operating system installed on the phone and installs it on the device. The first time the user opens the application, it asks for the mobile number and the activation code received. This code is required only during the first initialization of the client application; it serves to verify, during client/server synchronization, that the registration is correct, and it ceases to be valid once used. The mobile application asks the user to enter a PIN twice, to protect the application. This is the only time a data connection is required, in order to carry out the synchronization. This process never needs to be repeated.

During the purchase process 3, the user runs the mobile application, enters the PIN and obtains a single-use OTP code, valid for a short period of time, which authorizes a given credit, debit or prepaid financial transaction and/or the redemption of discount coupons or similar. Before generating the OTP code, the user can select the desired discount coupon from the loyalty program, or the card with which to carry out the operation.

For an e-commerce transaction, the user enters this OTP code and their mobile number in the virtual POS of the online store.

For an in-person purchase, the store manager enters the OTP and the mobile number manually in the sales system, or the entry can be automatic, with transmission via Bluetooth, QR or BIDI codes, NFC or any other similar system, in which case the mobile number does not need to be given.

This step can be carried out in two ways:
a) The user enters the purchase amount in the application before requesting the OTP code, which acts as a form of electronic signature by associating the OTP code with the purchase amount. The merchant also enters the amount, and the two amounts are then compared on the server. This increases security.
b) The user obtains the OTP without first entering the purchase amount in the application, which allows the transaction to be carried out but without an electronic signature of the operation.

The user receives a message on the mobile phone confirming the purchase only if they request it. This purchase process does not require an Internet connection on the user's phone. In both options, the platform analyzes the user's purchasing pattern and, applying various artificial intelligence algorithms, learns the customer's needs, providing the merchant with proposals for future offers to customers to encourage them to return to the store.

For security reasons, the application closes automatically once the OTP has been generated, or after it has been open for a configurable time, and asks for the user's PIN again.

The token generation application on the mobile device 4 has been developed using the JAVA programming language (J2ME), together with the SDKs (software development kits) from the vendors of the main operating systems supported by mobile devices. It uses a proprietary tokenization algorithm based on the strong two-factor algorithm (http://motp.sourceforge.net/); it generates keys that are valid only for a certain time, can be adapted to each user, and are no longer valid once used. In addition, a security layer has been added to the application itself to control access to it. These developments have withstood robustness tests against different types of attack, as defined by international security standards. The algorithm complies with the PKCS (Public-Key Cryptography Standards) standards published by RSA.

As mentioned above, the system has an application (accessed via web services) for the commercial establishment, through which the registration process and all sales operations, transaction-data queries and access to the loyalty functions can be carried out.

The merchant's sales terminal 5 establishes a secure (encrypted) data connection and sends 108 to the central server 8 over https (following Internet connection standards) the user data (token and mobile phone number) and the merchant data (merchant identifier and token), plus the amount to be charged in the case of a purchase. For an authentication service, the token and the mobile number are sufficient. Authentication is based on two factors: something the user knows (the PIN entered in the application) and something the user has (a secret number stored on the mobile device). The server 8 knows both the user's PIN and the secret number stored on the mobile device, so it can check the validity of the OTP code received. The algorithm for generating the token is therefore duplicated on the mobile device and on the server 8.
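The token scheme described in the preceding paragraphs (a time-limited, single-use code derived from the PIN and the device secret, optionally bound to the purchase amount, and recomputed by the server) can be sketched as follows. This is an added example, not the patent's or the applicant's code: the patent does not disclose its construction, so the HMAC-SHA-256 derivation, the 30-second step, the 6-digit length, the drift window, the lockout threshold and the names `token_for_step`, `generate_token` and `TokenValidator` are all assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # assumed token lifetime; the patent only says "a short period"
DRIFT_STEPS = 1     # assumed tolerance for clock drift, in steps either side
DIGITS = 6          # assumed token length
MAX_FAILURES = 5    # assumed lockout threshold against online guessing


def token_for_step(secret, pin, step, amount_cents=None):
    """Token for one time step; the same routine runs on device and server."""
    pin_bytes = pin.encode()
    # Fixed-width and length-prefixed fields keep the encoding unambiguous.
    msg = struct.pack(">QH", step, len(pin_bytes)) + pin_bytes
    if amount_cents is None:
        msg += b"N"                                    # mode b): no amount bound
    else:
        msg += b"A" + struct.pack(">Q", amount_cents)  # mode a): amount bound
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    code = int.from_bytes(digest[:4], "big") % 10 ** DIGITS
    return str(code).zfill(DIGITS)


def generate_token(secret, pin, now, amount_cents=None):
    """Device side: token for the time step that contains `now` (epoch seconds)."""
    return token_for_step(secret, pin, int(now // STEP_SECONDS), amount_cents)


class TokenValidator:
    """Server side: recomputes the token from the stored PIN and secret."""

    def __init__(self, users):
        self.users = users       # identifier -> (secret, pin); stands in for database 6
        self.last_step = {}      # identifier -> newest time step already accepted
        self.failures = {}       # identifier -> consecutive failed attempts

    def validate(self, user_id, token, now, amount_cents=None):
        record = self.users.get(user_id)
        if record is None:
            return "unknown_user"
        if self.failures.get(user_id, 0) >= MAX_FAILURES:
            return "locked"
        secret, pin = record
        current = int(now // STEP_SECONDS)
        for step in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
            expected = token_for_step(secret, pin, step, amount_cents)
            # Constant-time comparison avoids leaking matching prefixes.
            if hmac.compare_digest(expected.encode(), token.encode()):
                if step <= self.last_step.get(user_id, -1):
                    return "replayed"          # single use: step already consumed
                self.last_step[user_id] = step
                self.failures[user_id] = 0
                return "ok"
        self.failures[user_id] = self.failures.get(user_id, 0) + 1
        return "invalid"


def demo():
    """Constructed sample data: one user, one purchase of 19.99."""
    secret = bytes(range(16))
    user = "+34600000000"
    server = TokenValidator({user: (secret, "4821")})
    now = 1_700_000_000.0
    token = generate_token(secret, "4821", now, amount_cents=1999)
    return [
        server.validate(user, token, now + 5, amount_cents=2999),    # amount altered
        server.validate(user, token, now + 5, amount_cents=1999),    # accepted
        server.validate(user, token, now + 6, amount_cents=1999),    # replayed
        server.validate(user, token, now + 600, amount_cents=1999),  # expired
    ]


if __name__ == "__main__":
    print(demo())
```

Because the server recomputes the token, it has to hold the PIN and the device secret in recoverable form, and a 6-digit code relies on the attempt limit shown here to resist online guessing.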

The server 8 acts as an intermediary between the establishment (web or physical store) and the payment gateway 9. It holds the information on users (user database 6) and establishments (merchant database 7), and the user identification data, token or OTP code and purchase amount. In this case the data connection 108 between the merchant 1 and the central server 8 is required. After a series of checks on the user and establishment identifiers and on the OTP token generated by the user, the information is transferred to the payment gateway 9, which holds the information on credit cards and bank accounts and is therefore the component that must comply with the PCI DSS 2.0 security standard required in these cases. The gateway 9 performs the dual identification of the user and the associated card or bank account, in both cases, and carries out the corresponding debit operation 112 with the issuing bank 10 and credit operation 114 with the acquiring bank 11.

Payment can also be made with points earned through the loyalty system. To do this, the payment gateway 9 checks with a loyalty program server 14 whether the user has enough points. This server 14 has a database with each user's accumulated points. The payment gateway 9 sends the amount to the loyalty program server 14, which subtracts the points from the user's points account and returns a success code. The system records the transaction, generates a ticket, sends the user an email about the purchase and returns a success message. The loyalty program server 14 also manages coupons and discounts, and uses artificial intelligence methods to learn from consumer habits. The web services software meets the requirements set by the establishment or merchant 1 and those needed to communicate with the payment gateway 9. That is, the sales terminal 5 application receives all the information related to the purchase (establishment ID and password, purchase amount, and the user's mobile number and token). As a result, sensitive user data such as the name or the payment card number never "travel", which makes the operation more secure should MiM ("Man in the Middle") attacks, among others, occur.

Since these are online operations, the payment gateway 9 will or will not authorize the operation depending on the available balance, or for any other reason, and will issue the corresponding confirmation messages.

Once the transaction has been confirmed 116 by the issuing bank 10 and the acquiring bank 11, the information is recorded in the transaction database 12. This database is associated with a transaction module where transactions are managed, establishing functions and protocols for the different cases that can arise in the various operations (failed transactions, refunds, successful transactions, charges to merchants, etc.).

The system also has a module 13 responsible for generating invoices. Invoicing is linked to the loyalty system, so this module can handle key points such as the VAT on points received by the different merchants, the return and management of points when a product is returned, etc. After confirmation of the operation 118, the corresponding points are recorded in the loyalty system. The system returns confirmation of the transaction to the merchant and sends the ticket to the user by email, SMS or another format.

The system invoices each merchant for a predetermined period of time according to its points-redemption balance, and settles 120 with the acquiring bank 11 of the commercial establishment.

The loyalty module has been developed using new techniques based on artificial intelligence for optimizing searches over large amounts of data and managing that data, improving the loyalty system and making it able to learn from the purchases customers usually make, so that it can anticipate their needs. The technique used is a combination of neural network algorithms, genetic algorithms and swarm intelligence techniques. The loyalty system not only generates the points corresponding to the transaction but also, through various algorithms, learns the habits and needs of customers. It is a tool for measuring and analyzing the habits of the gateway's users that provides information which, complemented by the search functions, gives the business owner the customer intelligence they need and do not currently have access to. Through a graphical web interface developed to give access to data and movements, both the establishment and the user have real-time access to all their data. These interfaces, which have been developed as web services, also allow easy customization according to customer needs. To improve queries and their speed, a distributed server architecture is used, which allows applications to be launched in parallel and markedly improves access to the database.

The whole is built in a web environment with restricted access, where the tokens themselves are used for secure access. All development has been done in a web programming language to allow remote access by users.

The data are integrated into an online dashboard where SMEs can log in with their credentials and obtain their personalized reports and data, finding everything needed for the proper management of the business in terms of market and consumer intelligence.

Figure 2 shows an example of a purchase process according to the method of the present invention. First, the purchase amount is entered 200. Next, the mobile number and the token obtained from the application installed on the phone are entered 202 (if a QR reader is available, the data are entered by reading the code). A check 204 is made that the data are correct, in which case the issuing bank is charged 206. A check is made that the charge succeeded 208. If not, the operation is cancelled 210; if so, the payment is made to the acquiring bank 212. A check 214 is then made that this payment was made correctly. If not, the operation is cancelled 216. If the payment was made correctly, points are awarded to the user 218 and the corresponding ticket is sent 220, ending the purchase process.

Claims

REIVINDICACIONES 1 . Sistema de pago mediante dispositivo móvil, caracterizado por que comprende: one . Payment system by mobile device, characterized in that it comprises: - un dispositivo móvil (4) con una aplicación de generación de tokens configurada para generar un token de un único uso y válido durante un período de tiempo determinado, el token generado en función al menos de un dato temporal que determina la caducidad del token, una contraseña de usuario y un número secreto almacenado en el dispositivo móvil;  - a mobile device (4) with a token generation application configured to generate a single-use token and valid for a certain period of time, the token generated based on at least one temporary data that determines the expiration of the token, a user password and a secret number stored on the mobile device; - un terminal de venta (5) de un comercio (1 ), encargado de recibir el token generado por el dispositivo móvil (4), datos de identificación del usuario y el importe de la compra realizada por el usuario, y remitir (108) dicha información, junto con datos de identificación del comercio (1 ), a un servidor (8);  - a sales terminal (5) of a merchant (1), in charge of receiving the token generated by the mobile device (4), user identification data and the amount of the purchase made by the user, and remitting (108) said information, together with trade identification data (1), to a server (8); - el servidor (8), sincronizado temporalmente con el dispositivo móvil (4) y encargado de:  - the server (8), temporarily synchronized with the mobile device (4) and in charge of: · acceder a una base de datos de usuarios (6) para:  · Access a user database (6) to: obtener, a partir de los datos de identificación del usuario, la contraseña de usuario y el número secreto almacenado en el dispositivo móvil (4), y validar el token recibido a partir de dicha información y el instante actual;  obtain, from the user identification data, the user password and the secret 
number stored in the mobile device (4), and validate the token received from said information and the current moment; obtener información bancaria para efectuar el pago del importe de la compra por parte del usuario;  obtain bank information to make the payment of the purchase amount by the user; • acceder a una base de datos de comercios (7) para obtener, a partir de los datos de identificación del comercio (1 ), información bancaria para efectuar el abono del importe de la compra;  • access a merchant database (7) to obtain, from the merchant identification data (1), bank information to pay the purchase amount; · enviar a una pasarela de medio de pago (9) la orden de pago con información para realizar el pago y abono del importe de la compra.  · Send the payment order with information to make the payment and payment of the purchase amount to a payment method gateway (9). 2. Sistema según la reivindicación 1 , caracterizado por que comprende un servidor del programa de fidelizacion (14), encargado de la gestión de las cuentas de puntos de los usuarios y de la gestión del pago de la compra mediante puntos o cupones de descuento. 2. System according to claim 1, characterized in that it comprises a loyalty program server (14), in charge of managing the user points accounts and managing the purchase payment by means of discount points or coupons. 3. Sistema según cualquiera de las reivindicaciones anteriores, caracterizado por que el número secreto almacenado en el dispositivo móvil es un número generado en el momento de la instalación de la aplicación de generación de tokens en el dispositivo móvil (4). 3. System according to any of the preceding claims, characterized in that the secret number stored in the mobile device is a number generated at the time of the installation of the token generation application in the mobile device (4). 4. 
Sistema según cualquiera de las reivindicaciones anteriores, caracterizado por que el dispositivo móvil es un teléfono móvil, y los datos de identificación del usuario incluye el número del teléfono móvil. 4. System according to any of the preceding claims, characterized in that the Mobile device is a mobile phone, and user identification data includes the mobile phone number. 5. Sistema según cualquiera de las reivindicaciones anteriores, caracterizado por que los datos de identificación del comercio (1 ) comprende un identificador del comercio (1 ) y una contraseña. 5. System according to any of the preceding claims, characterized in that the trade identification data (1) comprises a trade identifier (1) and a password. 6. Sistema según cualquiera de las reivindicaciones anteriores, caracterizado por que la aplicación de generación de tokens está configurada para generar el token en función también del importe de la compra, asociando de esta forma el token con el importe de compra. 6. System according to any of the preceding claims, characterized in that the token generation application is configured to generate the token based also on the purchase amount, thereby associating the token with the purchase amount. 7. Método de pago mediante dispositivo móvil, caracterizado por que comprende: 7. 
Payment method by mobile device, characterized in that it comprises:

- generating, from a token generation application installed on a mobile device (4), a single-use token that is valid for a given period of time, as a function of at least a time datum that determines the expiry of the token, a user password and a secret number stored on the mobile device;
- sending (108) to a server (8), which is time-synchronized with the mobile device (4), said token, user identification data, the amount of the purchase made by the user and identification data of the merchant (1) where the purchase is made;
- the server (8) accessing a user database (6) in order to:
  • obtain, from the user identification data, the user password and the secret number stored on the mobile device (4), and validate the received token on the basis of said information and the current instant;
  • obtain bank information for making the payment of the purchase amount by the user;
- the server (8) accessing a merchant database (7) to obtain, from the merchant identification data (1), bank information for crediting the purchase amount;
- sending to a payment gateway (9) the payment order with information for making the payment and the crediting of the purchase amount.

8. Method according to claim 7, characterized in that the secret number stored on the mobile device is a number generated at the time the token generation application is installed on the mobile device (4).

9. Method according to any of claims 7 to 8, characterized in that the mobile device is a mobile phone, and the user identification data include the mobile phone number.

10. Method according to any of claims 7 to 9, characterized in that the merchant identification data comprise a merchant identifier and a password.

11. Method according to any of claims 7 to 10, characterized in that the token is also generated as a function of the purchase amount, thereby associating the token with the purchase amount.

12. Method according to any of claims 7 to 11, characterized in that the payment is made with points or with discount coupons obtained in a loyalty programme.
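The token flow in claims 7 and 11 can be sketched as follows. This is an added example, not code from the patent: the claims name no algorithm, so the PBKDF2 key derivation, the HMAC-SHA256 construction, the 30-second window, the 8-digit format and all names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # assumed validity window in seconds; the claims only say "a given period"

def derive_key(password: str, device_secret: bytes) -> bytes:
    """Combine the user password and the install-time secret (assumed: PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), device_secret, 10_000)

def token_for(key: bytes, counter: int, amount_cents: int) -> str:
    """8-digit token bound to a time window and, as in claim 11, to the amount."""
    msg = struct.pack(">QQ", counter, amount_cents)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"

def device_token(password, device_secret, amount_cents, now):
    """Mobile side: computed locally from the password and the stored secret."""
    return token_for(derive_key(password, device_secret), now // STEP, amount_cents)

class Server:
    def __init__(self, user_db):
        self.user_db = user_db   # user_id -> (password, device_secret)
        self.last_counter = {}   # user_id -> newest time window already spent

    def validate(self, user_id, token, amount_cents, now, skew=1):
        record = self.user_db.get(user_id)
        if record is None:
            return False
        key = derive_key(*record)
        # Tolerate +/- skew windows of clock drift between device and server.
        for counter in range(now // STEP - skew, now // STEP + skew + 1):
            if counter <= self.last_counter.get(user_id, -1):
                continue         # window already spent: single use, reject replay
            expected = token_for(key, counter, amount_cents)
            if hmac.compare_digest(expected.encode(), token.encode()):
                self.last_counter[user_id] = counter
                return True
        return False

# Constructed sample data, not taken from the patent.
USERS = {"+34600000000": ("correct horse", bytes.fromhex("a1b2c3d4e5f60718"))}
T0 = 1_000_000
```

Tracking the newest accepted window per user enforces single use at the cost of allowing one payment per window; because the amount is part of the MAC input, an intercepted token cannot be reused for a different amount.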
PCT/ES2014/070695 2013-09-13 2014-09-12 Mobile payment system and method based on a single use token Ceased WO2015036642A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
MX2016003314A MX2016003314A (en) 2013-09-13 2014-09-12 Mobile payment system and method based on a single use token.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ESP201331331 2013-09-13
ES201331331A ES2531386B1 (en) 2013-09-13 2013-09-13 System and method of payment via mobile device

Publications (1)

Publication Number Publication Date
WO2015036642A1 (en) 2015-03-19

Family

ID=51842549

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/ES2014/070695 Ceased WO2015036642A1 (en) 2013-09-13 2014-09-12 Mobile payment system and method based on a single use token

Country Status (5)

Country Link
CL (1) CL2016000603A1 (en)
DO (1) DOP2016000065A (en)
ES (1) ES2531386B1 (en)
MX (1) MX2016003314A (en)
WO (1) WO2015036642A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12452065B2 (en) 2023-04-26 2025-10-21 T-Mobile Usa, Inc. Authorization tokens for an authenticated user accessing an application

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12125054B2 (en) 2018-09-25 2024-10-22 Valideck International Corporation System, devices, and methods for acquiring and verifying online information

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020161708A1 (en) * 2001-02-01 2002-10-31 Gero Offer Method and apparatus for performing a cashless payment transaction
WO2006023839A2 (en) * 2004-08-18 2006-03-02 Mastercard International Incorporated Method and system for authorizing a transaction using a dynamic authorization code
GB2425621A (en) 2005-03-18 2006-11-01 Hewlett Packard Development Co An electronic token for authorising payment at a retail outlet
US20080103984A1 (en) 2006-10-30 2008-05-01 Mobilekash, Inc. System, Method, and Computer-Readable Medium for Mobile Payment Authentication and Authorization
US20080154772A1 (en) 2006-12-26 2008-06-26 Mark Carlson Mobile payment system and method using alias
US20090254440A1 (en) * 2008-04-02 2009-10-08 Pharris Dennis J Ghosting payment account data in a mobile telephone payment transaction system
MX2009011633A (en) 2007-04-27 2009-11-10 American Express Travel Relate Payment application download to mobile phone and phone personalization.
WO2011127354A2 (en) 2010-04-09 2011-10-13 Paydiant, Inc. Mobile phone payment processing methods and systems
WO2012003842A1 (en) 2010-07-08 2012-01-12 Ashraf Abdel Salam Mohammed El Disoky Method and system for payment and processing all financial operations using wireless, landline and mobile phone credit as alternative to carrying money or credit cards
AU2010300674A1 (en) 2009-09-30 2012-04-26 Visa International Service Association Mobile payment application architecture
US20120173431A1 (en) 2010-12-30 2012-07-05 First Data Corporation Systems and methods for using a token as a payment in a transaction
WO2012168457A1 (en) * 2011-06-10 2012-12-13 Swedbank Ab Electronic transactions

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8996423B2 (en) * 2005-04-19 2015-03-31 Microsoft Corporation Authentication for a commercial transaction using a mobile module
WO2011153505A1 (en) * 2010-06-04 2011-12-08 Visa International Service Association Payment tokenization apparatuses, methods and systems
AU2012201745B2 (en) * 2011-03-24 2014-11-13 Visa International Service Association Authentication using application authentication element


Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"Posibilidades Pomo ¿Cómo usarlo on-line?", 23 January 2013 (2013-01-23), XP054975621, Retrieved from the Internet <URL:https://www.youtube.com/watch?v=DJbV8hGhvNk> [retrieved on 20141127] *
"Posibilidades Pomo", 21 January 2013 (2013-01-21), XP054975619, Retrieved from the Internet <URL:https://www.youtube.com/watch?v=O8eZDqgL7xc> [retrieved on 20141127] *
"Public-key Cryptography Standards", RSA
ANONYMOUS: "Home | ePOMo", 14 July 2013 (2013-07-14), XP055155625, Retrieved from the Internet <URL:https://web.archive.org/web/20130714025526/http://www.epomo.com/> [retrieved on 20141128] *


Also Published As

Publication number Publication date
CL2016000603A1 (en) 2016-11-25
ES2531386A1 (en) 2015-03-13
MX2016003314A (en) 2016-10-28
DOP2016000065A (en) 2016-06-30
ES2531386B1 (en) 2015-12-22

Similar Documents

Publication Publication Date Title
KR102416954B1 (en) Methods for prepaid, debit and credit card security code generation systems
US9846866B2 (en) Processing of financial transactions using debit networks
EP2836971B1 (en) Systems, methods, and computer readable media for conducting a transaction using cloud based credentials
US8565723B2 (en) Onetime passwords for mobile wallets
AU2023210563A1 (en) Secure processing of data
AU2007261072B2 (en) Consumer authentication system and method
CN106936587B (en) Consumer authentication system and method
CN110111087B (en) System and method for authorizing transactions utilizing unpredictable passwords
US8055581B2 (en) Management of financial transactions using debit networks
EP2919177A1 (en) Method and system for reversed near field contact electronic transaction
US10311436B2 (en) User authentication method and device for credentials back-up service to mobile devices
CA2584769A1 (en) Methods and systems for performing transactions with a wireless device
CN110110515A (en) The method and system of mobile contactless ticketing service/payment is realized by mobile phone application
US20150066745A1 (en) Payment relay system and method
WO2018217106A1 (en) System and method for electronic payment with an nfc card and smartphones with nfc technology
WO2015036642A1 (en) Mobile payment system and method based on a single use token
HK40089878A (en) Secure processing of data
ES2527884B1 (en) Method and system to enable contactless mobile ticketing / payments through a mobile phone application, enhanced
GB2522235A (en) Cashless payment system
HK40011532B (en) Systems and methods for authorizing a transaction with an unexpected cryptogram
KR20090016618A (en) Payment processing method and recording medium using virtual merchant network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14790651

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: MX/A/2016/003314

Country of ref document: MX

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 03.08.2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14790651

Country of ref document: EP

Kind code of ref document: A1